Web Proxy - Basic Setup (Transparent)

Version 2.5

Applies to Platform: UTM 2.4, UTM 2.5Last Update: 28 April 2011

This lesson will illustrate the necessary steps to configure a very simple transparent web proxy on a typical Endian appliance. A transparent web proxy is one that requires no client-side changes to operate effectively (all traffic is tranparently redirected). The primary purpose of the web proxy is to (1) allow for a simple method to filter web traffic to appropriate levels for business and (2) provide accountability for user web traffic.

Note

If you have an endian UTM Appliance equipped with version 3.0 or 5.0, please refer to this howto.

Enable the Web Proxy

The first step is to enable the web proxy by clicking the gray button (which will turn green when enabled). Once this is done, we can configure the networks we want to be filtered transparently (using Green only in this example).

Configure the Log Settings

Since we want to have all web access (allowed and blocked) logged for review purposes, we're going to enable the appropriate logging options.

Click Save and then Apply the changes to proceed.

Configure the Content Filter Profile (Default)

In this example, we're only going to configure web filtering by URL Blacklist (only) for ease and administration purposes. The first thing we'll do is ensure our HTTP antivirus is enabled by checking the appropriate box. You can select the whole category to block by clicking the green arrow or, alternatively, you can drop down the subcategories and select those individually in order to block some and not others. You can also attach custom white- or blacklists to this profile as well.

Click Update Profile and then Apply the changes to proceed.

Note

When you enable web filtering by phrases (Content Filtering) this will block those categories of phrases for content "inside the page" which will result in a more aggressive blocking strategy with potentially a higher false positive rate.

Configure the Access Policy

The last step is to create an access policy which will map the content filtering profile based on a specific network configuration. In the example above, we're creating a simple policy for the Green zone (entire network) that is using the content filtering profile (default) that we just configured in the previous step.

Click Create Profile and then Apply the changes to finalize the configuration.

Test the Web Proxy

You can test your configuration now by browsing the Internet from the Green network and you should see a block page on sites that match the categories selected.

Verify Logging

You should also be able to view all the web traffic in real-time by going to Logs > Live Log Viewer and select the "Web Proxy" log to view.

Comments

Warning - Google has changed some thing is their search engine, especially in the google images search - which is now seemingly capable of bypassing the contentfilter used in Endian (dansguardian). There are numerous posts about this issue on various forums